zeek/scripts/policy/frameworks/intel/seen at 476891c14a6ad001436700f80242dc32c3295b03 - Mirror/zeek

mirror of https://github.com/zeek/zeek.git synced 2025-10-03 15:18:20 +00:00

History

Johanna Amann 41606e18fb Intel: Allow to provide uid/fuid instead of conn/f. This patch allows users to provide the fuid or the connection id directly, in case they do not have access to either in the event that they handle. An example for this is the handling of certificates in SSL, where the fa_file record cannot be retained because this would create a cyclic data structure. This patch also provides file IDs for hostname matches in certificates, which was not possible with the previous API.		2016-04-25 16:54:47 -07:00
..
__load__.bro	X509 file analyzer nearly done. Verification and most other policy scripts	2014-03-03 17:07:50 -08:00
conn-established.bro	Some script reorg and a new intel extension script.	2013-07-29 16:40:16 -04:00
dns.bro	Some script reorg and a new intel extension script.	2013-07-29 16:40:16 -04:00
file-hashes.bro	Add file name support to intel framework.	2013-08-13 13:21:31 -04:00
file-names.bro	Add file name support to intel framework.	2013-08-13 13:21:31 -04:00
http-headers.bro	Deprecate split* family of BIFs.	2015-01-21 15:34:42 -06:00
http-url.bro	Some script reorg and a new intel extension script.	2013-07-29 16:40:16 -04:00
pubkey-hashes.bro	SSH: Intel framework integration (PUBKEY_HASH)	2015-03-17 12:33:09 -04:00
README	Add more script package README files	2013-10-23 16:36:14 -05:00
smtp-url-extraction.bro	Merge remote-tracking branch 'origin/topic/seth/faf-updates'	2013-07-29 14:21:52 -07:00
smtp.bro	Deprecate split* family of BIFs.	2015-01-21 15:34:42 -06:00
ssl.bro	Intel: Allow to provide uid/fuid instead of conn/f.	2016-04-25 16:54:47 -07:00
where-locations.bro	SSH: Intel framework integration (PUBKEY_HASH)	2015-03-17 12:33:09 -04:00
x509.bro	Intel: CERT_HASH indicator type was never checked	2016-04-11 15:50:55 +02:00

README

Scripts that send data to the intelligence framework.